[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 15 April 2005, 09:48 GMT 10:48 UK
Data safety at top of the agenda
Masked men
Identity theft: Is someone pretending to be you?
Recent tales of the loss of personal data in the US are worrying, says technology analyst Bill Thompson.

I have just signed up with Directgov, the Government gateway, so that I can pay my income tax and send in my VAT return electronically.

It is a big step forward for me, because up to now I have been suspicious of these services and worried that the server will crash just when I really need to use it.

But things seem a lot more stable now, and the systems have had time to bed down.

So while I may not buy my groceries online yet, I am gradually moving more and more of my day to day activities onto the net.

Of course life is far from perfect, and later today I will be phoning the helpline because I have forgotten my username, but I am sure this initial obstacle will be overcome.

Data theft

I will be sharing rather a lot of extremely personal information with the site, which is hosted for the government by ITNET, and I hope they take good care of it.

Unfortunately there has recently been a rash of stories from the US about data theft, and it is rather disturbing.

The latest was earlier this week when HSBC bank revealed that it is writing to about 180,000 people who have its General Motors-branded MasterCard because transactions made with Polo Ralph Lauren could have been leaked.

They join the 320,000 people who had their names, addresses, driving license numbers and social security numbers stolen from databases held by the data broker Lexis Nexis.

Technology analyst Bill Thompson
In the absence of any strong data protection laws, companies that have been careless with their clients' data and reputations will probably go unpunished, even by consumers

And this follows the news from February that hackers had been able to access the vast database held by the ChoicePoint credit reference agency.

Information about 145,000 people was stolen and there have been at least 750 cases of identity theft as a result.

In a speech on Thursday President George Bush told the American Society of Newspaper Editors that he avoids using e-mail, fearing that because "everything is investigated in Washington" his personal e-mails would be made public.

Touching concern

He told the editors that "there has got to be a certain sense of privacy... I don't think you're entitled to be able to read my mail between my daughters and me".

Bush's concern for his family is touching, but of course he is simply worried that the legitimate disclosure of government business will extend to more personal information, not about unauthorised leaks of his e-mails to the twins.

Yet he should be concerned for all Americans, not just his family.

The rapid growth of "identity crime" in the US, where a thief collects enough personal data on someone to impersonate them and take out loans or credit cards in their name instead of actually stealing their wallet or purse, is extremely worrying.

US senator Charles Schumer
The US Senate has been investigating ID theft

We have strong data protection laws here in the UK and the rest of Europe, laws that US politicians and commentators frequently criticise as economically damaging.

But the real damage would seem to come from the lack of confidence that will be created as a result of this plethora of leaks, fraud and general sloppiness.

It is not just those who use e-commerce sites that are vulnerable: Choicepoint is not an online shop, it is a data collection agency.

Having watched the horse head off across the field, there are now moves to do something about the stable door.

In a rather touching indication that their faith in the free market remains undimmed, Californian senator Dianne Feinstein has introduced a bill that would require organisations that collect personal data to tell people when their information has been lost and stolen.

Massive loss

This implies that consumer choice will make a difference, but of course we do not get to choose which credit reference agencies hold our personal data.

We do not get to choose government agencies either, of course. If I was told that Directgov had lost my data I could not exactly change to another VAT supplier.

It is not even as if the market particularly cares. When Lexis Nexis revealed the massive loss of personal data shares in its parent company, Reed Elsevier, dropped in value by only one per cent.

Hardly a severe punishment by investors, who clearly see that taking good care of sensitive data is not really that much of an issue.

In the absence of any strong data protection laws, companies that have been careless with their clients' data and reputations will probably go unpunished, even by consumers.

This jars with the nine-year prison sentence recently handed down to Jeremy Jaynes, convicted in Virginia of sending vast amounts of spam e-mail through AOL's servers.

Jaynes' spam, which was estimated to bring in $750,000 a month at its peak from people gullible enough to buy fake medicines or sign up for get-rich-quick schemes, was certainly annoying.

Although of course we must remember that his crime was not sending unwanted commercial e-mail, which is permitted if not positively encouraged as a way of using the net for marketing purposes.

He broke the law by faking the return addresses on the messages he sent.

Nine years seems rather a harsh penalty for a crime that did not itself harm anyone.

Even if he had been convicted of fraud then it would be rather excessive, and Jaynes must wonder why sending e-mails is treated so seriously when leaking personal data - and giving identity criminals the opportunity to steal money and wreck people's credit ratings - is seen as a matter for the free market.

Bill Thompson is a regular commentator on the BBC World Service programme Go Digital.

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific